XHTML

Bruce Schneier Advocates no Encryption

Bruce has written an interesting post about wireless encryption [1]. His main ideas seem to be that it’s nice to provide emergency net access for random people, that attempting to secure a wireless network only causes more problems when (not if) it is broken, and that your machines which are mobile need to be secure against a hostile LAN anyway.

These all make sense. I’d probably be doing the same if it wasn’t for the problems I had getting 802.11b gear working in my house (maybe conflicts with some of the other wireless equipment I run) and for the fact that I run NFS over my home network (which needs decent performance and has no security).

2 comments to Bruce Schneier Advocates no Encryption

This concept is foolish and reeks more of a lazy excuse for incompetence than any sort of philanthropic gesture. Would you leave your car on the street with the keys in it for anyone to borrow and risk all of the abuse or legal problems that could ensue? Of course not. Schneier’s original post goes on at length about the risks, clearly indicating he is not stupid, but then he just shrugs it off negligently. There’s a word for such reckless indifference to safety: “irresponsible”. People who lack the responsibility to secure wireless properly shouldn’t be using it at all.

Before doing so I would suggest you check out your local laws: here in Germany you can be held liable for e.g copyright violations commited through your internet connection even if you yourself are not responsible but you had an unsecured network running (you may leave out encryption if you restrict access by a MAC address but it might be possible that some fakes his MAC and then you have even more difficulties to prove you’re not the one who did it. Some German courts consider it “general knwoledge” that you must protect your network against intrusion and by not doing so you are responsible for any crime commited. The construct which allows this is called “Mitstörerhaftung”.

So apart from allowing everyowne to evesdrop on your communication (e.g banking information) or even to manipulate it you might risk tu be sued.